Validate allocation size in PoolAllocator.

Note that I am planning to get rid of PoolAllocator entirely. BUG=crbug 179654 Review URL: https://codereview.appspot.com/8662046 git-svn-id: https://angleproject.googlecode.com/svn/branches/dx11proto@2225 736b8ea6-26fd-11df-bfd4-992fa37f6226
parent 4b31d467
...@@ -228,24 +228,27 @@ void TPoolAllocator::popAll() ...@@ -228,24 +228,27 @@ void TPoolAllocator::popAll()
void* TPoolAllocator::allocate(size_t numBytes) void* TPoolAllocator::allocate(size_t numBytes)
{ {
//
// Just keep some interesting statistics.
//
++numCalls;
totalBytes += numBytes;
// If we are using guard blocks, all allocations are bracketed by // If we are using guard blocks, all allocations are bracketed by
// them: [guardblock][allocation][guardblock]. numBytes is how // them: [guardblock][allocation][guardblock]. numBytes is how
// much memory the caller asked for. allocationSize is the total // much memory the caller asked for. allocationSize is the total
// size including guard blocks. In release build, // size including guard blocks. In release build,
// guardBlockSize=0 and this all gets optimized away. // guardBlockSize=0 and this all gets optimized away.
size_t allocationSize = TAllocation::allocationSize(numBytes); size_t allocationSize = TAllocation::allocationSize(numBytes);
// Detect integer overflow.
// if (allocationSize < numBytes)
// Just keep some interesting statistics. return 0;
//
++numCalls;
totalBytes += numBytes;
// //
// Do the allocation, most likely case first, for efficiency. // Do the allocation, most likely case first, for efficiency.
// This step could be moved to be inline sometime. // This step could be moved to be inline sometime.
// //
if (currentPageOffset + allocationSize <= pageSize) { if (allocationSize <= pageSize - currentPageOffset) {
// //
// Safe to allocate from currentPageOffset. // Safe to allocate from currentPageOffset.
// //
...@@ -256,12 +259,16 @@ void* TPoolAllocator::allocate(size_t numBytes) ...@@ -256,12 +259,16 @@ void* TPoolAllocator::allocate(size_t numBytes)
return initializeAllocation(inUseList, memory, numBytes); return initializeAllocation(inUseList, memory, numBytes);
} }
if (allocationSize + headerSkip > pageSize) { if (allocationSize > pageSize - headerSkip) {
// //
// Do a multi-page allocation. Don't mix these with the others. // Do a multi-page allocation. Don't mix these with the others.
// The OS is efficient and allocating and free-ing multiple pages. // The OS is efficient and allocating and free-ing multiple pages.
// //
size_t numBytesToAlloc = allocationSize + headerSkip; size_t numBytesToAlloc = allocationSize + headerSkip;
// Detect integer overflow.
if (numBytesToAlloc < allocationSize)
return 0;
tHeader* memory = reinterpret_cast<tHeader*>(::new char[numBytesToAlloc]); tHeader* memory = reinterpret_cast<tHeader*>(::new char[numBytesToAlloc]);
if (memory == 0) if (memory == 0)
return 0; return 0;
......
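Review bot: The rewritten bound checks in the first hunk, `if (allocationSize <= pageSize - currentPageOffset)` and `if (allocationSize > pageSize - headerSkip)`, are only overflow-safe while `currentPageOffset <= pageSize` and `headerSkip <= pageSize` hold; nothing in the hunk establishes either, and if the invariant is ever broken the unsigned subtraction wraps and the comparison accepts any allocation size. I would pin the invariant at the point it is relied on, e.g. `assert(currentPageOffset <= pageSize && headerSkip <= pageSize);` immediately before the first comparison, or at least a comment `// Relies on currentPageOffset <= pageSize and headerSkip <= pageSize (unsigned subtraction).` The `if (allocationSize < numBytes) return 0;` overflow check is sound only if `TAllocation::allocationSize` adds a constant or rounds up, which appears to be the intent but is not visible here. Separately and pre-existing, the `if (memory == 0) return 0;` after `::new char[numBytesToAlloc]` in the second hunk cannot fire with a throwing `new`, so the null-return contract this commit extends is presumably already partial. The body of TPoolAllocator::allocate begins at the first hunk and continues past the second.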